the problem as i see it
-
biggerabalone last edited by
to further supplement to my post. i'd like to point out that most of the ideas i'm suggesting are feasible and inexpensive (relatively). the malware site protection and porn protection would come from an open source service that already exists (opendns). permissions would be needed, but its cheap to do and a major security boost. plus you could turn it off if you don't want it. opendns also claims it speeds up you surfing by caching or something.
and the browser download scanner would be via the immunet project, another open source product ... though they are now owned by sourcefire or something. but their community is already implemented and could be similar to smartscreen filter. and its separate clam online malware scanner could be useful. again, permissions would be needed to direct downloads through them (same goes for virustotal - however, i think google owns them now, so immunet would be better). in the old opera i used to use the dr. web plugin to scan links and download links. this would take it to the next level.
and another idea, but likely too expensive to develop, might be to virtualize the browser while surfing.
i agree with blackbird, security maybe the best way to distinguish opera. but given opera is not made of money, using established technologies from the open source world is the way to go.
last point, with the WOT style integrated opera button, opera could generate more revenue. WOT seems profitable. i understand you could always get an extension, but this one would be part of the browser, giving it an advantage over WOT which is usually not installed. opera could later release their version into a plugin form for firefox etc, to further monopolize the market and make more money.
-
Deleted User last edited by
Wrong forum but then, you just don't get it, do you. There s no longer read these forums. Take your ideas to their blogs where they might have a chance of being seen.
-
Deleted User last edited by
Originally posted by blackbird71:
I do like the idea of a browser really, seriously emphasizing security. It's probably the most natural upcoming "growth" area for browser design, given the increasing current user concerns about privacy, phishing, compromised downloads, drive-by-laden ads, dangerous websites, dns hijacking, and questionable banking connections. Users may not understand all of those concepts, but they certainly fear the effects of being victimized by them. If truly creative, ...
Ignorance combined with fear is a great mixture to take average users for a ride
Wonder which of the two articles is more creative:
Chrome Is Most Secure of the Top Three Browsers, Study Finds
Firefox burns Chrome in our trustworthy browser poll -
blackbird71 last edited by
Originally posted by Krake:
Originally posted by blackbird71:
I do like the idea of a browser really, seriously emphasizing security. It's probably the most natural upcoming "growth" area for browser design, given the increasing current user concerns about privacy, phishing, compromised downloads, drive-by-laden ads, dangerous websites, dns hijacking, and questionable banking connections. Users may not understand all of those concepts, but they certainly fear the effects of being victimized by them. If truly creative, ...
Ignorance combined with fear is a great mixture to take average users for a ride
Wonder which of the two articles is more creative:
Chrome Is Most Secure of the Top Three Browsers, Study Finds
Firefox burns Chrome in our trustworthy browser pollWhich is why I mentioned "really, seriously" emphasizing security. If a browser were able to specifically address many of these security issues inherently in its design, to the extent that Old Opera addressed configurability, standards-compliance, and user features, then users wouldn't be taken for a ride - the browser would actually "deliver".
-
biggerabalone last edited by
Originally posted by leushino:
Wrong forum but then, you just don't get it, do you. There s no longer read these forums. Take your ideas to their blogs where they might have a chance of being seen.
the bitter little man taking selfies appears again. "There s no longer read these forums" - huh? please, no drinking when typing.
my posting seems appropriate: it is in the browser section and relates to the browser, it is not a duplicate subject and has fresh ideas expressed, it is specific and to the point, i describe a problem in relation to security and relevance and ideas on how to rectify them (though, i doubt you actually read more than a sentence). so how is this the wrong forum (true, a superficial reading might want to put it in the wish list, but it is far more nuanced than that, it discusses direction of development, relevance, and profitability)? please quote me this forum's guidelines that i failed to understand.
inversely, you have with your post(s) violated the opera rules of conduct. specifically rule 1: "Don't make inflammatory posts or threads just to stir up the forum or blog. Don't exaggerate just to make a point. Respect your fellow community members, and don't vent your frustrations at them. No trolling."
you have also repeatability violated rule 2: "No personal attacks. Attack the idea, not the person. Never post negative forum threads about other forum members".
and 5."Flooding and/or spamming means instant ban". b/c all you seem to do is repost the same comment flooding the forum, though worded slightly differently, over and over and over again. (which might also be a violation of rule 7).
i wish you would stop trolling this site. most non-nerds don't realize that you don't represent opera and will be turned off of the browser because of your boorish manners. they will regard it as poor customer service and use another browser out of spite.
-
biggerabalone last edited by
Originally posted by Krake:
Originally posted by blackbird71:
I do like the idea of a browser really, seriously emphasizing security. It's probably the most natural upcoming "growth" area for browser design, given the increasing current user concerns about privacy, phishing, compromised downloads, drive-by-laden ads, dangerous websites, dns hijacking, and questionable banking connections. Users may not understand all of those concepts, but they certainly fear the effects of being victimized by them. If truly creative, ...
Ignorance combined with fear is a great mixture to take average users for a ride
Wonder which of the two articles is more creative:
Chrome Is Most Secure of the Top Three Browsers, Study Finds
Firefox burns Chrome in our trustworthy browser pollyour reference to pcworld's article "chrome is most secure of the top three browsers study finds" validates my point. with webkit, opera will be similar in speed and rendering as other webkit browsers. security is a stand out that attracts users. chrome has a sandbox, we don't (my kids love flash games which are easily infected - a sandbox is a big deal). however, chrome stumbles with added windows services and spying for advertising purposes. we make up ground by not copying these mistakes, but not enough (as browser usage studies illustrate). most users are anti-nerd and just use their browser (they don't care what an extension is or how to get it or how to configure it). integrated security (such as the netcraft antiphishing tech in opera's presto browser) attracts users. when presto opera was rated the best browser against phishing attacks, i downloaded it. security gets publicity which attracts users. this is why google is funding so many tainted security studies to show chromes supposed superiority. if opera won the next browser hacking tests, it would be a big deal.
utilitarian features also attracts users, such as when opera introduced multi tabbing. but its hard to come up with ground altering revelations in that area (ex. google docs is a big deal. ie and firefox can't use it. luckily, we can ride on googles coat tails with the webkit engine in this regard. however, with time, google will find a way to change their apps to cut out other webkit browsers).
-
Deleted User last edited by
Originally posted by biggerabalone:
your reference to pcworld's article "chrome is most secure of the top three browsers study finds" validates my point.
Your above answer validates my point :lol:
-
biggerabalone last edited by
Originally posted by blackbird71:
Originally posted by Krake:
Originally posted by blackbird71:
I do like the idea of a browser really, seriously emphasizing security. It's probably the most natural upcoming "growth" area for browser design, given the increasing current user concerns about privacy, phishing, compromised downloads, drive-by-laden ads, dangerous websites, dns hijacking, and questionable banking connections. Users may not understand all of those concepts, but they certainly fear the effects of being victimized by them. If truly creative, ...
Ignorance combined with fear is a great mixture to take average users for a ride
Wonder which of the two articles is more creative:
Chrome" target="_blank">http://www.pcworld.com/article/245856/chrome_is_most_secure_of_the_top_three_browsers_study_finds.html]Chrome Is Most Secure of the Top Three Browsers, Study Finds
Firefox" target="_blank">http://nakedsecurity.sophos.com/2013/09/23/firefox-burns-chrome-in-our-trustworthy-browser-poll/]Firefox burns Chrome in our trustworthy browser pollWhich is why I mentioned "really, seriously" emphasizing security. If a browser were able to specifically address many of these security issues inherently in its design, to the extent that Old Opera addressed configurability, standards-compliance, and user features, then users wouldn't be taken for a ride - the browser would actually "deliver".
your point seems, in light of blackbirds post, to disagree that "increasing current user concerns about privacy, phishing, compromised downloads, drive-by-laden ads, dangerous websites, dns hijacking, and questionable banking connections" are a problem. and that such concerns are for the ignorant. therefore, you seem to indicate that opera should ignore such concerns. an unorthodox position.
-
Deleted User last edited by
Originally posted by biggerabalone:
your point seems, in light of blackbirds post, to disagree that ...
My point is that there is no protection against ignorance/stupidity. Period.
Originally posted by biggerabalone:
"increasing current user concerns about privacy, phishing, compromised downloads, drive-by-laden ads, dangerous websites, dns hijacking, and questionable banking connections" are a problem. and that such concerns are for the ignorant.
Exactly.
Increasing user concerns should encourage computing education for the basics (safe hex).
Knowing the basics and practicing safe hex, all the above shouldn't be a main concern.- privacy = generic term, interpreted by different users in different ways
- phishing = you don't land on a fishing site by magic. You don't follow a link to access your banking page. Besides, browsers have an address bar which should show you the exact address.
- compromised downloads = download software only from the producer's home page. No browser can protect you from downloading shitware.
- drive-by-laden ads = this can occur in different ways. No browser can prevent legit sites to be infected. However practising safe hex will keep you clean even you visit infected sites. Most used attack vectors: scripting, malicious iframe, third party plugins.
- dangerous websites = theoretically it can be any site you visit
- dns hijacking = many ISPs (in Western Europe and USA as well) for self-serving purposes but I don't think you meant that.
Anyway, how could a browser protect your system from malware??? - questionable banking connections= ???
Increasing user concerns should encourage computing education for the basics (safe hex).
Knowing the basics and practicing safe hex, all the above shouldn't be a concern.Originally posted by biggerabalone:
therefore, you seem to indicate that opera should ignore such concerns.
I couldn't care less what Opera does.
Opera Presto was my first choice for more than a decade whereas the new 'Opera' (Blink) is dead meat for me. -
biggerabalone last edited by
"My point is that there is no protection against ignorance/stupidity. Period."
we'll disagree on this one. i maintain some computers in a seniors home, and they are truly ignorant. i have set up their systems to protect them despite their ignorance. no user input or interaction required, just safety and ease of use. you have to remove the nerd factor from the technology. education works only for those who wish to be educated, most do not. a fishermen care about fishing, not phishing. if he has to use a computer, he'll want it to work like his microwave or fridge - just to do what its meant to do without taking a class or reading a book about it. firefox has many great plugins. its nerd paradise. yet the average user grows tired and/or intimidated by the multitude of choices regarding them. which ones are legitimate, which work, which one is superior for your task, etc. after hours of reading and trial and error you may finally get it configured. this is why firefox is losing the battle, because it only really appeals to the fringe tech nerds. some people would rather go hunting or water skiing on their off time. we both know that for proper security you have to remove java, flash, and pretty much anything that makes the internet fun. so likely, you'll have to manually turn them on or off depending on your sites etc. i, for one, grow tired of wasting my life on these pursuits. i used to spend hours (a year) looking up the independent testing of antivirus companies (firewalls, etc) and changing my systems to maximize protection (for freeware). lifes too short for this. i could have used that time to have sex:) apple understands this and integrates security and simplifies operation. that is why they are worth soooooo much money.
-
Deleted User last edited by
Originally posted by biggerabalone:
i, for one, grow tired of wasting my life on these pursuits. i used to spend hours (a year) looking up the independent testing of antivirus companies (firewalls, etc) and changing my systems to maximize protection (for freeware). lifes too short for this. i could have used that time to have sex:)
I have also been through that. However, I had also time for a girlfriend. It was enough time for sex too, certainly not for 5 hours the day
I learned what a FW & AV does and how it works. I had a nice malware collection and also learned how to trick AVs with a weak unpacking engine or weak signatures. Then I gave up testing with malware and some time later also gave up to use a FW and an AV. With other words 'I grew up'
For the last 7 years I was using W2k without a firewall and without an AV. Guess how often I got hit by malware?
Now I am on Win7. I've left its firewall enabled but I have disabled the AV. So I am unprotected and still waiting to get hit by some malware.
BTW, I have also disabled in Opera Presto "Enable Fraud and Malware Protection" and so did I in Firefox with "Block reported attack sites" and "Block reported forgeries".@scratchspaceredux
Your favorite argument seems to be the term "dodge". Good luck with it -
biggerabalone last edited by
Originally posted by Krake:
Originally posted by biggerabalone:
i, for one, grow tired of wasting my life on these pursuits. i used to spend hours (a year) looking up the independent testing of antivirus companies (firewalls, etc) and changing my systems to maximize protection (for freeware). lifes too short for this. i could have used that time to have sex:)
I have also been through that. However, I had also time for a girlfriend. It was enough time for sex too, certainly not for 5 hours the day
I learned what a FW & AV does and how it works. I had a nice malware collection and also learned how to trick AVs with a weak unpacking engine or weak signatures. Then I gave up testing with malware and some time later also gave up to use a FW and an AV. With other words 'I grew up'
For the last 7 years I was using W2k without a firewall and without an AV. Guess how often I got hit by malware?
Now I am on Win7. I've left its firewall enabled but I have disabled the AV. So I am unprotected and still waiting to get hit by some malware.
BTW, I have also disabled in Opera Presto "Enable Fraud and Malware Protection" and so did I in Firefox with "Block reported attack sites" and "Block reported forgeries".@scratchspaceredux
Your favorite argument seems to be the term "dodge". Good luck with iti know what your saying, but without protection, you wouldn't know if you had a rootkit, trojan, etc because they wish to be undetected. you might notice a system slowdown, but not likely (considering you have no av which eats resources). i suspect you don't do online banking or purchase things online with your credit card, 'cuz that would be asking for trouble. i might be able to set your computer up as a slave bot for some nefarious activity i've been contemplating, please post your email:) at the end of the day though, you might want to try running linux. i'm using xubuntu to write this. linux is pretty hard to infect and doesn't require antivirus protection (if your system is stronger than mine, which it is, you might prefer mint or ubuntu) - but i'm digressing into nerdville here. time to go find the mrs.:)
-
Deleted User last edited by
Originally posted by biggerabalone:
i know what your saying, but without protection, you wouldn't know if you had a rootkit, trojan, etc because they wish to be undetected.
I could ask you the same question although you are 'protected'.
Ask the Iranians or picking a more trivial example - was the Sony rootkit detected by an AV?
As for being unprotected, my protection consists in common sense and now and then a forensic check.To make it clear for everybody - I strongly recommend for every eaverage user to use an AV!
However I found your recommendations to make a browser secure funny to say the least.Originally posted by biggerabalone:
i might be able to set your computer up as a slave bot for some nefarious activity i've been contemplating, please post your email:)
krake@myopera.com
Please feel free to set up my computer as a slave for whatever activities you like. Take this as my official allowanceOriginally posted by biggerabalone:
at the end of the day though, you might want to try running linux.
Or OpenBSD (if your hardware supports it) for that matter.
BTW, did you know that UNIX rootkits were the first? Windows rootkits came many years later.
-
frenzie last edited by
Originally posted by Krake:
For the last 7 years I was using W2k without a firewall and without an AV. Guess how often I got hit by malware?
I assume you were still behind a router's firewall, or you'd have been hit by the Blaster virus.
-
Deleted User last edited by
Originally posted by Frenzie:
Originally posted by Krake:
For the last 7 years I was using W2k without a firewall and without an AV. Guess how often I got hit by malware?
I assume you were still behind a router's firewall, or you'd have been hit by the Blaster virus.
Wrong assumption
I was behind a simple DSL modem. With closed ports/services you don't need turned off, Blaster had no chances.
Among other ports/services I had port 135, DCOM closed. -
Deleted User last edited by
Originally posted by scratchspaceredux:
Another example of your impeccable reasoning: Citing a spectacular example involving the world's most sophisticated malware to imply that AV software doesn't really protect a user.
You did understand nothing. Doesn't surprise me taken into consideration the way you argued till now.
My point was that a forensic check would have revealed even the most sophisticated malware. Same applies to the Sony rootkit which was far less complicated.Originally posted by scratchspaceredux:
Current security software is totally ineffective against rootkits?
Where did I said that?
However mostly ineffective against rootkits/malware it doesn't have signatures for or against rootkits/malware packed with an unknown packer.
Some AVs have also memory scanners but once the harming code is in RAM it could be too late.
Behaviour scanners are FP prone and thus can do more harm than benefit.Originally posted by scratchspaceredux:
But rationality had to take a back seat to your most important point, which was that "real men" (such as yourself) don't use AV software.
My point was that the weakest link in a chain is always the user. It's not about using or not an AV.
I even strongly recommended using an AV. See my post above.
Some of those who know what they are doing (not only men but also women) will prefer to make a forensic check now and then.You can 'enhance' a browser by routing every request around half of the world before it reaches destination (data collectors will enjoy it) to make users feel safer. I couldn't care less how many security layers people would choose to add. My point is that basic education (safe hex) is as valuable (if not the most) than any of the security layers one might choose to add.
Originally posted by scratchspaceredux:
Sensible people are not impressed.
Nice to meet such a sensible person, scratchspaceredux
-
frenzie last edited by
Originally posted by Krake:
I was behind a simple DSL modem. With closed ports/services you don't need turned off, Blaster had no chances.
Among other ports/services I had port 135, DCOM closed.It can be hard to tell what you don't need if it's all enabled by default. But yes, back in those days I was definitely trying to turn off as much as possible. Primarily for memory and performance reasons, although additional security was a nice bonus.
-
Deleted User last edited by
Originally posted by Frenzie:
It can be hard to tell what you don't need if it's all enabled by default.
There were nice instructions that most people could understand and follow.
-
j7nj7n last edited by
I agree with Krake, except that I would not recommend to use an antivirus because of their ever increasing requirements for CPU and RAM. A computer is never "too fast", which is why we upgrade after all. I can't see sacrificing any significant part of this limited performance to a questionable sense of security. I also fear that there will be "acceptable" computer viruses made by the government to a) fight copyright infringement, b) give them general control over my system. I can't rely on an anti-virus for protection from them.
A good security policy when dealing with Microsoft software used to be switching to alternate protocols or programs to those included with Windows, such as FTP over Network Neighborhood. I've had Samba & NetBios completely off for many years without knowing anything about the Blaster worm.
Back in the 2003, consumer routers were utterly unreliable or slow. I suppose performance concious users might have chosen not to use one. I remember I had a router which could only sustain 20 megabits, and then crashed into endless rebooting cycles.
I noticed that since XP Service Pack 2, it is no longer possible to disable as many services without breaking seemingly unrelated functionality. These instructions are good for versions below that. Right now I have an SP1 and SP3 PC with similar set of enabled services, where the newer one is unable to browse a list of computers in the "neighborhood" (now enabled again). They made the new OS more of a package deal.